Package details: pkg:gem/rubygems-update@0.9.1
purl pkg:gem/rubygems-update@0.9.1
Next non-vulnerable version 3.0.3
Latest non-vulnerable version 3.0.3
Risk 10.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-b36p-re17-n7dq
Aliases:
CVE-2017-0900
GHSA-p7f2-rr42-m9xm
Improper Input Validation RubyGems is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
2.6.13
Affected by 6 other vulnerabilities.
VCID-ee8m-jtmh-dfbs
Aliases:
CVE-2015-3900
GHSA-wp3j-rvfp-624h
OSV-122162
7PK - Security Features RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
2.0.16
Affected by 7 other vulnerabilities.
2.1.0.rc.1
Affected by 9 other vulnerabilities.
2.2.4
Affected by 7 other vulnerabilities.
2.4.7
Affected by 13 other vulnerabilities.
VCID-fx2c-u8eb-dufe
Aliases:
CVE-2012-2125
GHSA-228f-g3h7-3fj3
OSV-85809
HTTP Request Smuggling RubyGems can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
1.8.23
Affected by 8 other vulnerabilities.
VCID-hpng-v58x-xua5
Aliases:
CVE-2012-2126
GHSA-5mgj-mvv8-46mw
OSV-81444
Cryptographic Issues RubyGems does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
1.8.23
Affected by 8 other vulnerabilities.
VCID-jmzh-89dm-r7g2
Aliases:
CVE-2017-0902
GHSA-73w7-6w9g-gc8w
Origin Validation Error RubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
2.6.13
Affected by 6 other vulnerabilities.
VCID-k2ga-fgvp-5qc7
Aliases:
CVE-2013-4287
GHSA-9j7m-rjqx-48vh
OSV-97163
Cryptographic Issues Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
1.8.23.1
Affected by 0 other vulnerabilities.
1.8.26
Affected by 8 other vulnerabilities.
2.0.8
Affected by 9 other vulnerabilities.
2.1.0.rc.1
Affected by 9 other vulnerabilities.
2.1.0
Affected by 9 other vulnerabilities.
2.1.1
Affected by 8 other vulnerabilities.
VCID-ucdh-7fgy-33h8
Aliases:
CVE-2013-4363
GHSA-9qvm-2vhf-q649
Cryptographic Issues Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
1.8.23.2
Affected by 8 other vulnerabilities.
1.8.27
Affected by 8 other vulnerabilities.
2.0.10
Affected by 9 other vulnerabilities.
2.1.4
Affected by 7 other vulnerabilities.
2.1.5
Affected by 7 other vulnerabilities.
VCID-xgsa-5umz-qffr
Aliases:
CVE-2017-0899
GHSA-7gcp-2gmq-w3xh
Code Injection RubyGems is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
2.6.13
Affected by 6 other vulnerabilities.
VCID-xz68-vwz2-2ke4
Aliases:
CVE-2017-0901
GHSA-pm9x-4392-2c2p
Improper Input Validation RubyGems fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
2.6.13
Affected by 6 other vulnerabilities.
VCID-zb9m-getz-3keh
Aliases:
CVE-2015-4020
GHSA-qv62-xfj6-32xm
Improper Input Validation RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.
2.0.17
Affected by 7 other vulnerabilities.
2.1.0.rc.1
Affected by 9 other vulnerabilities.
2.2.5
Affected by 7 other vulnerabilities.
2.4.8
Affected by 12 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-zyxv-6ypw-rkex
RubyGems file overwrite vulnerability
The `extract_files` function in `installer.rb` in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
Aliases:
CVE-2007-0469
GHSA-95vx-q4c2-64gr
OSV-33561

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:46:08.460697+00:00 GitLab Importer Fixing VCID-zyxv-6ypw-rkex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2007-0469.yml 38.4.0
2026-04-16T20:37:58.833648+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.4.0
2026-04-16T20:37:58.298213+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.4.0
2026-04-16T20:37:57.000443+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.4.0
2026-04-16T20:37:56.458673+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.4.0
2026-04-16T20:32:43.464531+00:00 GitLab Importer Affected by VCID-zb9m-getz-3keh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 38.4.0
2026-04-16T20:32:32.480214+00:00 GitLab Importer Affected by VCID-ee8m-jtmh-dfbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 38.4.0
2026-04-16T20:30:55.966845+00:00 GitLab Importer Affected by VCID-ucdh-7fgy-33h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4363.yml 38.4.0
2026-04-16T20:30:55.596622+00:00 GitLab Importer Affected by VCID-k2ga-fgvp-5qc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4287.yml 38.4.0
2026-04-16T20:30:53.006366+00:00 GitLab Importer Affected by VCID-fx2c-u8eb-dufe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2012-2125.yml 38.4.0
2026-04-16T20:30:52.207615+00:00 GitLab Importer Affected by VCID-hpng-v58x-xua5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2012-2126.yml 38.4.0
2026-04-16T17:36:02.781671+00:00 Ruby Importer Affected by VCID-zb9m-getz-3keh https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 38.4.0
2026-04-16T17:36:00.034920+00:00 Ruby Importer Affected by VCID-ee8m-jtmh-dfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 38.4.0
2026-04-16T17:35:15.843962+00:00 Ruby Importer Affected by VCID-k2ga-fgvp-5qc7 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4287.yml 38.4.0
2026-04-16T17:34:43.672136+00:00 Ruby Importer Affected by VCID-fx2c-u8eb-dufe https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2125.yml 38.4.0
2026-04-16T17:34:26.507145+00:00 Ruby Importer Affected by VCID-hpng-v58x-xua5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2126.yml 38.4.0
2026-04-11T23:01:54.529511+00:00 GitLab Importer Fixing VCID-zyxv-6ypw-rkex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2007-0469.yml 38.3.0
2026-04-11T21:48:39.300506+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.3.0
2026-04-11T21:48:38.675203+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.3.0
2026-04-11T21:48:37.207841+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.3.0
2026-04-11T21:48:36.599367+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.3.0
2026-04-11T21:43:06.131744+00:00 GitLab Importer Affected by VCID-zb9m-getz-3keh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 38.3.0
2026-04-11T21:42:56.378886+00:00 GitLab Importer Affected by VCID-ee8m-jtmh-dfbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 38.3.0
2026-04-11T21:41:19.681023+00:00 GitLab Importer Affected by VCID-ucdh-7fgy-33h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4363.yml 38.3.0
2026-04-11T21:41:19.283463+00:00 GitLab Importer Affected by VCID-k2ga-fgvp-5qc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4287.yml 38.3.0
2026-04-11T21:41:17.076535+00:00 GitLab Importer Affected by VCID-fx2c-u8eb-dufe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2012-2125.yml 38.3.0
2026-04-11T21:41:16.766611+00:00 GitLab Importer Affected by VCID-hpng-v58x-xua5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2012-2126.yml 38.3.0
2026-04-11T21:32:50.105464+00:00 Ruby Importer Affected by VCID-zb9m-getz-3keh https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 38.3.0
2026-04-11T21:32:47.744026+00:00 Ruby Importer Affected by VCID-ee8m-jtmh-dfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 38.3.0
2026-04-11T21:31:58.771177+00:00 Ruby Importer Affected by VCID-k2ga-fgvp-5qc7 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4287.yml 38.3.0
2026-04-11T21:31:24.161646+00:00 Ruby Importer Affected by VCID-fx2c-u8eb-dufe https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2125.yml 38.3.0
2026-04-11T21:31:10.954716+00:00 Ruby Importer Affected by VCID-hpng-v58x-xua5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2126.yml 38.3.0
2026-04-02T23:10:22.217725+00:00 GitLab Importer Fixing VCID-zyxv-6ypw-rkex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2007-0469.yml 38.1.0
2026-04-02T22:02:33.099988+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.1.0
2026-04-02T22:02:32.549007+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.1.0
2026-04-02T22:02:31.094215+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.1.0
2026-04-02T22:02:30.555644+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.1.0
2026-04-02T21:57:14.605466+00:00 GitLab Importer Affected by VCID-zb9m-getz-3keh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 38.1.0
2026-04-02T21:57:05.702130+00:00 GitLab Importer Affected by VCID-ee8m-jtmh-dfbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 38.1.0
2026-04-02T21:55:30.342250+00:00 GitLab Importer Affected by VCID-ucdh-7fgy-33h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4363.yml 38.1.0
2026-04-02T21:55:29.968098+00:00 GitLab Importer Affected by VCID-k2ga-fgvp-5qc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4287.yml 38.1.0
2026-04-02T21:55:27.662837+00:00 GitLab Importer Affected by VCID-fx2c-u8eb-dufe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2012-2125.yml 38.1.0
2026-04-02T21:55:27.369658+00:00 GitLab Importer Affected by VCID-hpng-v58x-xua5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2012-2126.yml 38.1.0
2026-04-02T19:31:20.638014+00:00 Ruby Importer Affected by VCID-zb9m-getz-3keh https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 38.1.0
2026-04-02T19:31:18.109796+00:00 Ruby Importer Affected by VCID-ee8m-jtmh-dfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 38.1.0
2026-04-02T19:30:35.643331+00:00 Ruby Importer Affected by VCID-k2ga-fgvp-5qc7 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4287.yml 38.1.0
2026-04-02T19:30:07.163972+00:00 Ruby Importer Affected by VCID-fx2c-u8eb-dufe https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2125.yml 38.1.0
2026-04-02T19:29:52.495769+00:00 Ruby Importer Affected by VCID-hpng-v58x-xua5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2126.yml 38.1.0
2026-04-01T16:19:42.540006+00:00 GitLab Importer Affected by VCID-xgsa-5umz-qffr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0899.yml 38.0.0
2026-04-01T16:19:41.952158+00:00 GitLab Importer Affected by VCID-xz68-vwz2-2ke4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0901.yml 38.0.0
2026-04-01T16:19:40.232370+00:00 GitLab Importer Affected by VCID-b36p-re17-n7dq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0900.yml 38.0.0
2026-04-01T16:19:39.638370+00:00 GitLab Importer Affected by VCID-jmzh-89dm-r7g2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2017-0902.yml 38.0.0
2026-04-01T16:14:28.488774+00:00 GitLab Importer Affected by VCID-zb9m-getz-3keh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-4020.yml 38.0.0
2026-04-01T16:14:17.405770+00:00 GitLab Importer Affected by VCID-ee8m-jtmh-dfbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2015-3900.yml 38.0.0
2026-04-01T16:12:43.606365+00:00 GitLab Importer Affected by VCID-ucdh-7fgy-33h8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4363.yml 38.0.0
2026-04-01T16:12:43.229353+00:00 GitLab Importer Affected by VCID-k2ga-fgvp-5qc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2013-4287.yml 38.0.0
2026-04-01T16:12:40.880882+00:00 GitLab Importer Affected by VCID-fx2c-u8eb-dufe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2012-2125.yml 38.0.0
2026-04-01T16:12:40.594755+00:00 GitLab Importer Affected by VCID-hpng-v58x-xua5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2012-2126.yml 38.0.0
2026-04-01T16:00:29.129983+00:00 GHSA Importer Fixing VCID-zyxv-6ypw-rkex https://github.com/advisories/GHSA-95vx-q4c2-64gr 38.0.0
2026-04-01T15:48:08.316960+00:00 Ruby Importer Affected by VCID-zb9m-getz-3keh https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-4020.yml 38.0.0
2026-04-01T15:48:06.195758+00:00 Ruby Importer Affected by VCID-ee8m-jtmh-dfbs https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2015-3900.yml 38.0.0
2026-04-01T15:47:21.214077+00:00 Ruby Importer Affected by VCID-k2ga-fgvp-5qc7 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4287.yml 38.0.0
2026-04-01T15:46:48.528254+00:00 Ruby Importer Affected by VCID-fx2c-u8eb-dufe https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2125.yml 38.0.0
2026-04-01T15:46:35.769658+00:00 Ruby Importer Affected by VCID-hpng-v58x-xua5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2126.yml 38.0.0
2026-04-01T13:08:51.628553+00:00 GithubOSV Importer Fixing VCID-zyxv-6ypw-rkex https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-95vx-q4c2-64gr/GHSA-95vx-q4c2-64gr.json 38.0.0
2026-04-01T12:49:57.729290+00:00 GitLab Importer Fixing VCID-zyxv-6ypw-rkex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rubygems-update/CVE-2007-0469.yml 38.0.0